How To Use the Magnet Custom Artifact Generator
Hi, everyone. This is Jessica Hyde with Magnet Forensics. I wanted to reach out and share a bit about our newest free tool, MAGNET Custom Artifact Generator, including why I am so excited about how it allows examiners to bring new artifacts into Magnet AXIOM.
You may have seen a description of MAGNET Custom Artifact Generator with some other updates of free tools that were released this week. But I wanted to show some examples of the multiple ways the tool could be used, because I personally think this is incredible for bringing all types of content into analysis inside of AXIOM.
So what is MAGNET Custom Artifact Generator? Well, it is a tool that allows you to create Custom Artifacts from either SQLite or CSV/Delimited Text output from another tool. This means you will be able to bring the results from that tool into AXIOM for analysis. Now you can bring in files from a variety of sources to analyze your data alongside other results in AXIOM!
Some examples of different types of data you could bring in could include Call Data Records (CDRs), results from third-party tools like iLEAPP from Alexis Brignoni and Yogesh Khatri, Volatility plugin exports, KAPE exports, unsupported warrant returns, and more. And the neat thing is that once you have created the custom artifact, future exports from those tools or services can just be added to AXIOM so the results show.
Creating a Custom Artifact with the MAGNET Custom Artifact Generator takes a few seconds per artifact. Here is an example of creating a Custom Artifact for the Account Data artifact from iLEAPP. iLEAPP creates .tsv exports which work with the CSV/Delimited Text feature. Once you open the file, you simply look at the record preview for any Time Stamp and use the keys to enter the Date/Time Format using the formatting symbols in the chart below.
MAGNET Custom Artifact Generator opening an AccoundData.tsv export from iLEAPP.
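The record preview shows only a few rows, so it helps to confirm that every row of a delimited export uses the same timestamp style and field count before defining the artifact. The following is an added example, not code from Magnet Forensics or iLEAPP; the sample rows are constructed, and the formats are written in Python `strptime` notation, not the generator's own formatting symbols.

```python
import csv
import io
from datetime import datetime

# Constructed sample standing in for a tab-separated export; column names and
# values are invented for this example. Line 4 uses a different timestamp style.
SAMPLE_TSV = (
    "Timestamp\tAccount\tDescription\n"
    "2020-05-01 13:45:10\texample-user\tconstructed row\n"
    "2020-05-02 08:02:59\texample-user\tconstructed row\n"
    "05/03/2020 09:15\texample-user\tconstructed row\n"
)
# Candidate formats in Python strptime notation (an assumption of this example).
CANDIDATE_FORMATS = ["%Y-%m-%d %H:%M:%S", "%m/%d/%Y %H:%M", "%Y-%m-%dT%H:%M:%S"]


def parses(value, fmt):
    try:
        datetime.strptime(value.strip(), fmt)
        return True
    except ValueError:
        return False


def check_export(text, formats=CANDIDATE_FORMATS):
    """Return (delimiter, ragged_lines, {column: (format, failing_lines)}).
    Line numbers are 1-based and assume one record per line."""
    header_line = text.splitlines()[0]
    delim = max("\t,;|", key=header_line.count)  # most frequent candidate wins
    rows = list(csv.reader(io.StringIO(text), delimiter=delim))
    header, records = rows[0], list(enumerate(rows[1:], start=2))
    # A differing field count means fields no longer line up with the header.
    ragged = [n for n, r in records if len(r) != len(header)]
    report = {}
    for idx, name in enumerate(header):
        values = [(n, r[idx]) for n, r in records if idx < len(r)]
        best = None
        for fmt in formats:
            bad = [n for n, v in values if not parses(v, fmt)]
            # Keep the format that parses at least one value and fails the fewest.
            if len(bad) < len(values) and (best is None or len(bad) < len(best[1])):
                best = (fmt, bad)
        if best:
            report[name] = best
    return delim, ragged, report


if __name__ == "__main__":
    print(check_export(SAMPLE_TSV))
```

On the constructed sample, the report flags line 4 in the Timestamp column as the one row that does not match the format used by the rest of the file.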
Once you have created a Custom Artifact with MAGNET Custom Artifact Generator, not only will it be added to your instance of AXIOM so that you can use it to include that artifact, but it can also be exported and shared! You can share it within your organization, especially if the export is for a custom in-house tool. If, however, your new custom artifact is for an open source or common tool, you can also share your new artifact with the community via the Artifact Exchange. Then anyone will be able to use the artifacts you created! Alexis Brignoni submitted some of these iLEAPP artifacts created with MAGNET Custom Artifact Generator to the Artifact Exchange so you can download these and run them in your case.
You only need to run MAGNET Custom Artifact Generator once to create the support for the artifact. Once you have done that, the custom artifact is ready for use in AXIOM and the export can be processed. Now you are ready to view your evidence or artifacts from an external tool or from another source like your CDR alongside your other evidence in AXIOM.
Because you can bring in third-party tools, this also is awesome for our Magnet AUTOMATE customers. This means that results from third-party tools run in the AUTOMATE orchestration can be brought back into AXIOM for analysis in one place. This allows you to conduct searches and timelining across both your AXIOM results and whatever additional sources you have brought in from MAGNET Custom Artifact Generator.
I hope you are excited about the rapid extensibility that MAGNET Custom Artifact Generator allows you to bring to your AXIOM analysis.
Do you have other use cases for the MAGNET Custom Artifact Generator? I would love to hear about them or your other questions. Feel free to email me at jessica.hyde@magnetforensics.com.